Lenovo Edge USB Keyboard Driver Local Privilege Escalation
Lenovo Edge USB Keyboard Driver Local Privilege Escalation
Lenovo Edge USB Keyboard Driver Local Privilege Escalation
Lenovo Security Advisory: LEN-11588
Potential Impact: Escalation of privileges by a local user
Severity: High
Scope of Impact: Lenovo-specific
CVE Identifier: CVE-2016-8225
Summary Description:
A vulnerability was identified in the Lenovo Edge USB Keyboard driver for Windows 7, 8 and 10 where a user with local privileges could execute a file with administrator level privileges. The Lenovo Edge USB Keyboard is also referred to as Lenovo Slim USB Keyboard or Lenovo Low Profile Keyboard.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update the keyboard driver to version 1.21 or later here by following the instructions in the readme file or by updating your system through Lenovo System Update.
Product Impact:
This keyboard was sold with the following systems, however customers may have also purchased this keyboard separately.
- Ideacentre 300s-08IHH
- Lenovo 63
- Lenovo E50-00, E50-05
- Lenovo S200, S400z, S500, S500z, S510, S40-40, S50-30
- ThinkStation E31, E32, P300, P310, P410, P510, P710, P910
- ThinkCentre E63z, E73, E73z, E93, E93z
- ThinkCentre M53, M73, M73z, M73p, M78, M79, M83, M83z, M93, M93p, M93z
- ThinkCentre M700, M800, M900
Revision History:
Revision |
Date |
Description |
1.0 |
12/15/2016 |
Initial release |
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
Your feedback helps to improve the overall experience